==>"You're wrong there, lets look at Yahoo Messenger"
Dude, screw yahoo..who cares !! Everyone here, is posting using gmail , including yourself !!
On 8/4/06, n3td3v <[EMAIL PROTECTED]> wrote:
On 8/4/06, Stan Bubrouski < [EMAIL PROTECTED]> wrote:I'm reading your message in gmail and there is nothing in my temp
folder... not that i'd expect there to be. Gmail can't just create
files on your computer without your permission, it it can your
settings are wrong or your browser is broken. In other words if your
gmail mails are ending up in your temp folder your web browser is
putting them there... what browser are you using BTW. I'm using
firefox and it doesn't store my mails in the temp folder under my NT
account.
-sbYou're wrong there, lets look at Yahoo Messenger:yupdater.exeThe above little executable stays in the default Yahoo Messenger directory and can modify any files within that directory and sub-directories, the yupdater.exe can create and delete any file in those directories, and has the power to create new files and folders on the command of Yahoo. At no time is there notification by Yahoo to the end-user. I've witnessed when Yahoo were testing their backend anti-spam system, that blank folders were appearing within the default Yahoo Messenger directory. If an attacker can hack Yahoo and control everyones yupdater.exe then Yahoo will turn into a very dark place.Here is another executable that does discrete little directory updates to your system without end-user interaction or notification:YServer.exeWe tried to protest what Yahoo was doing other the years in private, and even thought at one point about putting out trojan horses and viruses under the same file names so Symantec etc would flag them as malware, although we didn'tSo yeah, Yahoo have the ability to and do infact modify your system without permission :)This is done randomly at Yahoo's own discretion and is seperate from legitmate announced Yahoo Messenger updates :)Its about time Yahoo came clean about yupdater.exe and YServer.exe instead of anonymously sending commands to operating systems, to modify, delete and create files and (or) folders without anyone knowing.No one is saying Yahoo is doing anything evil, but what if an accident happened? Yahoo would get its ass kickedNo one can say what unexpected modifications to folder and files might do to individual end-user systems.Yahoo, sort yourselves out.Foul play
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
"This message is printed on Recycled Electrons."
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
